Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1447
Views
0
Helpful
12
Replies

VPN site-a-site sur ASA 5506 version 9.8

Go to solution
Hamza El Boukaoui
Level 1
Level 1

‎01-24-2022 02:53 AM

hello,

i have two asa 5506 and i wanted to configure a vpn sas.

i used the wizard and cli but not working, i don't find any thing on the logs.

any help please.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-24-2022 03:04 AM

First need to check, Are you able to reach ASA to ASA before you process to Site to Site VPN.

 

post the config of both ASA here.

 

You can find example and troubleshoot tips :

 

https://www.petenetlive.com/KB/Article/0001429

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
12 Replies 12

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-24-2022 03:04 AM

First need to check, Are you able to reach ASA to ASA before you process to Site to Site VPN.

 

post the config of both ASA here.

 

You can find example and troubleshoot tips :

 

https://www.petenetlive.com/KB/Article/0001429

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Hamza El Boukaoui
Level 1
Level 1
In response to balaji.bandi

‎01-24-2022 08:48 AM

 
Preview file
16 KB
Preview file
11 KB
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎01-24-2022 08:21 AM

Hello,

 

hard to say what is missing, since your probably used the ASDM VPN Wizard. 

 

The Wizard has a summary screen (.7 in the attached document), can you post a screenshot of that ?

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/119141-configure-asa-00.html

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎01-24-2022 08:52 AM

Just out of curiosity, how did you resolve this, what was the issue ?

0 Helpful

Go to solution
Hamza El Boukaoui
Level 1
Level 1
In response to Georg Pauwen

‎01-24-2022 12:00 PM

the problem don't resolved yet 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to Hamza El Boukaoui

‎01-24-2022 12:14 PM

Hello,

 

 I would suggest not marking the question as 'resolved' if it is actually not. The reason is that once you do, nobody will look at it anymore because the assumption is that it is.

0 Helpful

Go to solution
Hamza El Boukaoui
Level 1
Level 1
In response to Georg Pauwen

‎01-25-2022 12:25 AM

thank you, 

sorry i think i clicked on Accept as Solution with no purpose.

 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to Hamza El Boukaoui

‎01-25-2022 01:17 AM

Hello,

 

no big deal. I am not a moderator or anything, it just helps you to mark anything as resolved when it actually is resolved. People usually skip resolved posts, as they assume the problem is...well...resolved.

 

Either way, did changing the NAT exemption from 'inside_2' to 'inside' change anything ?

0 Helpful

Go to solution
Hamza El Boukaoui
Level 1
Level 1
In response to Georg Pauwen

‎01-25-2022 01:23 AM

ok, thank you i appreciate that.

nope nat command didn't change anything  

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to Hamza El Boukaoui

‎01-24-2022 12:21 PM

Hello,

 

I think the NAT exemption statement on your asa1 might be wrong. Change:

 

nat (inside_2,outside) source static local local destination static remote remote no-proxy-arp route-lookup

to

 

nat (inside,outside) source static local local destination static remote remote no-proxy-arp route-lookup

so the inside interface reflects the BDI.

0 Helpful

Go to solution
Hamza El Boukaoui
Level 1
Level 1
In response to Georg Pauwen

‎01-25-2022 01:23 AM

no sir this didn't work

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to Hamza El Boukaoui

‎01-25-2022 01:51 AM

Hello,

 

are these 5506-X ASAs ? I think the BVI is the default configuration for these devices (starting from 9.7). Do you really need the BVI ?

0 Helpful
Customers Also Viewed These Support Documents